Virus is redirecting my google links


This topic is locked
7 replies to this topic

#1 sellicat

  • Members
  • 3 posts

Posted 06 November 2010 - 07:12 PM

I have been having trouble: when I click on a Google link, it redirects me to another site.
I went through your step-by-step 'preparation guide', but the DSS wouldn't save as a screen saver, only as an AutoCAD file. I couldn't get DSS to work for me, so I used HijackThis instead; I hope this is okay. Then I downloaded GMER and was scanning; it seemed to be working great for 15 minutes. Then it shut my computer down all of a sudden. I went into safe mode and tried to run GMER again, and it shut me down again. Everything seems to be okay if I don't run that program, but I'm still not sure what to do to fix my problem with Google links redirecting. Please help; my log is below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:17:22 PM, on 11/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Downloads\HijackThis.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,829 posts
  • Gender:Female
  • Location:Romania

Posted 14 November 2010 - 07:08 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
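The OTL scan requested above produces O1 (hosts), O2 (BHO) and O4 (Run/RunOnce) lines of the kind that appear in the log posted in reply #3. The script below is an added example for this thread, not a BleepingComputer, OTL or Emsisoft tool and not code from either poster: it parses such lines and applies the checks a malware-removal helper makes by eye, namely a loaded file with an empty company field "()", a file or Run value name that looks machine-generated, the same file wired in both as a BHO and from a Run key, and hosts entries that pin a non-localhost name to a loopback address. The sample lines are copied from the OTL log in reply #3; the heuristic thresholds (minimum name length 10, vowel ratio below 0.25, two signals required) are assumptions chosen for this example. The hosts check only flags entries for confirmation, because pinning vendor hosts to 127.0.0.1 can be something the user did deliberately as well as something malware did.

```python
"""Triage helper for HijackThis/OTL-style log lines (added example for this thread).

Parses O1 (hosts), O2 (BHO) and O4 (Run/RunOnce) lines and flags:
  * a loaded DLL/EXE whose version info carries no company name  ->  "()"
  * a file or Run value name that looks machine-generated
  * the same file hooked in as a BHO *and* started from a Run key
  * a hosts entry pinning a non-localhost name to a loopback address
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the OTL log posted in reply #3 of this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (cashtitan browser enhancer) - {4DA478C8-2736-BC8F-5A42-A9CE119A84C2} - C:\Windows\System32\tndvfknavqqna.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [affgxzkstntxuebky] C:\Windows\System32\tndvfknavqqna.dll ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2108163001-638448866-911499290-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
"""

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>RunOnce|Run): \[(?P<value>[^\]]*)\] (?P<rest>.+)$")
# OTL prints the file's company name in trailing parentheses; "()" means none.
FILE_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
VOWELS = set("aeiou")


@dataclass
class Finding:
    kind: str                 # "autostart" or "hosts"
    target: str               # file path or host name
    reasons: List[str] = field(default_factory=list)


def looks_generated(name: str, min_len: int = 10, max_vowel_ratio: float = 0.25) -> bool:
    """Long, letters-only names with very few vowels are typical of the random
    file and value names droppers generate.  Thresholds are assumptions for this
    example; tune them against your own logs."""
    if len(name) < min_len or not name.isalpha():
        return False
    vowels = sum(1 for c in name.lower() if c in VOWELS)
    return vowels / len(name) < max_vowel_ratio


def split_file_field(rest: str) -> Tuple[str, Optional[str]]:
    """Split 'PATH (Company)' into (PATH, Company); no trailing parens -> company None."""
    m = FILE_RE.match(rest)
    if not m:
        return rest, None
    return m.group("path"), m.group("company")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    refs: Dict[str, List[Tuple[str, str]]] = defaultdict(list)  # path -> [(how loaded, label)]
    files: Dict[str, Tuple[str, Optional[str]]] = {}            # path -> (path, company)

    for line in log_text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.group("ip"), m.group("host")
            if ip in LOOPBACK and host.lower() not in LOCAL_NAMES:
                # Could be a deliberate block list or a hijack: ask the user, don't guess.
                findings.append(Finding("hosts", host, [f"pinned to {ip}; confirm this was set deliberately"]))
            continue
        m = O2_RE.match(line)
        if m:
            path, company = split_file_field(m.group("rest"))
            refs[path.lower()].append(("BHO", m.group("name")))
            files[path.lower()] = (path, company)
            continue
        m = O4_RE.match(line)
        if m:
            path, company = split_file_field(m.group("rest"))
            if company is None:          # e.g. "File not found": orphaned value, nothing runs
                continue
            refs[path.lower()].append((m.group("key"), m.group("value")))
            files[path.lower()] = (path, company)

    for key, entries in refs.items():
        path, company = files[key]
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if company == "":
            reasons.append("no company name in version info")
        if looks_generated(stem):
            reasons.append(f"random-looking file name '{stem}'")
        odd_values = [label for how, label in entries if how != "BHO" and looks_generated(label)]
        if odd_values:
            reasons.append(f"random-looking Run value name {odd_values}")
        hows = {how for how, _ in entries}
        if "BHO" in hows and hows & {"Run", "RunOnce"}:
            reasons.append("same file loaded as a BHO and started from a Run key")
        # One weak signal alone is common for legitimate unsigned software; require two.
        if len(reasons) >= 2:
            findings.append(Finding("autostart", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.target}: " + "; ".join(f.reasons))
```

Run against the sample, the script reports the two adobe.com hosts entries for confirmation and flags C:\Windows\System32\tndvfknavqqna.dll on all four autostart signals; the Adobe, Skype and Microsoft entries trip none, and the empty "[] File not found" Run value is skipped because nothing can run from it.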


#3 sellicat
  • Topic Starter
  • Members
  • 3 posts

Posted 15 November 2010 - 02:32 PM

Hi,

My problem started with links in my Google search redirecting. Now my computer occasionally goes suddenly to a blue screen with a warning and then shuts down instantly, before I can read the warning. This has happened a couple of times. Also, random web pages are now opening up when the internet is on. Can you please help me correct this? The scan reports you requested are below. Thanks.


OTL logfile created on: 11/15/2010 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aysha\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229.83 Gb Total Space | 171.65 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 112.94 Gb Free Space | 37.89% Space Free | Partition Type: NTFS

Computer Name: AYSHA-PC | User Name: Aysha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 11:12:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aysha\Desktop\OTL.exe
PRC - [2010/10/28 18:11:15 | 002,988,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/10/28 17:35:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/09/29 06:21:20 | 000,109,222 | ---- | M] () -- C:\Users\Aysha\AppData\Local\Temp\jre_setup2.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2007/11/01 14:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 15:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/02 12:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 00:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/11/21 13:02:24 | 001,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/02 01:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 11:12:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aysha\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/28 17:35:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/28 13:22:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/09/18 13:50:54 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/11/26 16:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 16:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 09:22:00 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/18 00:02:00 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/13 15:28:04 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/26 15:18:24 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 17:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/09 15:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 15:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/09/11 14:54:34 | 001,021,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2108163001-638448866-911499290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2108163001-638448866-911499290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2108163001-638448866-911499290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2108163001-638448866-911499290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/28 17:46:13 | 000,001,243 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (cashtitan browser enhancer) - {4DA478C8-2736-BC8F-5A42-A9CE119A84C2} - C:\Windows\System32\tndvfknavqqna.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2108163001-638448866-911499290-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [affgxzkstntxuebky] C:\Windows\System32\tndvfknavqqna.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2108163001-638448866-911499290-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2108163001-638448866-911499290-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Aysha\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aysha\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/28 16:35:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 11:12:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Aysha\Desktop\OTL.exe
[2010/11/11 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\THEO
[2010/11/11 10:52:18 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\Website Jpeg
[2010/11/10 12:48:40 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\Design Images
[2010/11/06 15:54:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/06 15:25:35 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\gmer
[2010/11/04 09:22:31 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\Costello Design
[2010/11/03 09:57:27 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\Mixed Party Bag
[2010/11/03 08:14:07 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/11/02 19:57:41 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\Peru
[2010/10/30 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\Garden
[2010/10/29 12:49:46 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\skypePM
[2010/10/29 12:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/29 12:48:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/29 12:48:49 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Skype
[2010/10/29 12:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/28 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/28 18:55:08 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\Updater5
[2010/10/28 18:22:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/10/28 18:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/10/28 18:09:46 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\BitTorrent
[2010/10/28 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/10/28 17:43:03 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Macromedia
[2010/10/28 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/28 17:10:12 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\1 Costello Design
[2010/10/28 17:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/10/28 17:01:56 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Autodesk
[2010/10/28 17:01:56 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Autodesk
[2010/10/28 17:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/10/28 17:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2010/10/28 16:35:18 | 000,000,000 | ---D | C] -- C:\Autodesk
[2010/10/28 16:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/10/28 16:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/10/28 16:03:04 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Adobe
[2010/10/28 15:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/10/28 15:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/28 15:44:28 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Adobe
[2010/10/28 15:40:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/10/28 15:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/28 15:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/10/28 15:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/28 15:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/10/28 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/28 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/10/28 15:01:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/28 15:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/28 14:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/10/28 14:58:39 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Microsoft Help
[2010/10/28 14:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/10/28 14:57:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/10/28 14:25:41 | 001,021,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2010/10/28 14:25:41 | 000,280,392 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TM_CFW.sys
[2010/10/28 14:25:41 | 000,205,328 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2010/10/28 14:25:41 | 000,073,288 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2010/10/28 14:25:41 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2010/10/28 14:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/10/28 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/28 14:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2010/10/28 14:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/10/28 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/10/28 14:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/10/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/10/28 14:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/10/28 14:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/10/28 14:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/10/28 14:01:28 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\MediaDirect
[2010/10/28 14:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/10/28 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/28 13:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/10/28 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/10/28 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\Dell Webcam Center
[2010/10/28 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Creative
[2010/10/28 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2010/10/28 13:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/10/28 13:51:07 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2010/10/28 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\InstallShield
[2010/10/28 13:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2010/10/28 13:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/10/28 13:36:15 | 000,042,496 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010/10/28 13:36:15 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010/10/28 13:36:15 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2010/10/28 13:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/10/28 13:32:22 | 000,007,424 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys
[2010/10/28 13:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2010/10/28 13:30:17 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\TMP
[2010/10/28 13:28:45 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/10/28 13:28:45 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/10/28 13:28:08 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/10/28 13:28:08 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/10/28 13:28:08 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/10/28 13:28:08 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/10/28 13:28:08 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/10/28 13:28:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/10/28 13:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010/10/28 13:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/10/28 13:26:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/10/28 13:23:38 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/28 13:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/10/28 13:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/10/28 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Citrix
[2010/10/28 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Deployment
[2010/10/28 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Apps
[2010/10/28 13:18:00 | 000,000,000 | ---D | C] -- C:\Users\Aysha\Roaming
[2010/10/28 13:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010/10/28 13:18:00 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Intel
[2010/10/28 13:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/10/28 13:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/10/28 13:16:28 | 000,000,000 | ---D | C] -- C:\dell
[2010/10/28 13:14:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2010/10/28 13:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/10/28 13:13:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/28 13:10:38 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Searches
[2010/10/28 13:10:30 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Identities
[2010/10/28 13:10:28 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Contacts
[2010/10/28 13:10:27 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\VirtualStore
[2010/10/28 13:10:23 | 000,000,000 | --SD | C] -- C:\Users\Aysha\AppData\Roaming\Microsoft
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Videos
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Saved Games
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Pictures
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Music
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Links
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Favorites
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Downloads
[2010/10/28 13:10:23 | 000,000,000 | R--D | C] -- C:\Users\Aysha\Desktop
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\AppData\Local\Temporary Internet Files
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Templates
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Start Menu
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\SendTo
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Recent
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\PrintHood
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\NetHood
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\My Videos
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\My Pictures
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Desktop\1 Costello Design\Documents\My Music
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\My Documents
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Local Settings
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\AppData\Local\History
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Cookies
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\Application Data
[2010/10/28 13:10:23 | 000,000,000 | -HSD | C] -- C:\Users\Aysha\AppData\Local\Application Data
[2010/10/28 13:10:23 | 000,000,000 | -H-D | C] -- C:\Users\Aysha\AppData
[2010/10/28 13:10:23 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Temp
[2010/10/28 13:10:23 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Local\Microsoft
[2010/10/28 13:10:23 | 000,000,000 | ---D | C] -- C:\Users\Aysha\AppData\Roaming\Media Center Programs
[2010/10/28 13:09:54 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/28 13:09:37 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/10/28 13:09:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/10/28 12:39:36 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/10/28 12:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/28 12:10:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/28 12:10:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010/11/15 11:12:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aysha\Desktop\OTL.exe
[2010/11/15 11:09:22 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 11:09:22 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/15 11:00:01 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\Acrobat Update.job
[2010/11/15 10:49:29 | 000,061,221 | ---- | M] () -- C:\Windows\System32\ltekfbxzblspeenm.exe
[2010/11/15 10:49:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 10:49:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 10:49:00 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\BKDW.job
[2010/11/15 10:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 10:48:55 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 02:58:36 | 000,387,072 | ---- | M] () -- C:\Windows\System32\tndvfknavqqna.dll
[2010/11/14 20:05:43 | 000,014,848 | ---- | M] () -- C:\Users\Aysha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/14 12:37:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/13 18:32:02 | 297,413,790 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/12 01:19:28 | 000,384,000 | ---- | M] () -- C:\Windows\System32\_tndvfknavqqna.dll
[2010/11/06 15:24:54 | 000,287,041 | ---- | M] () -- C:\Users\Aysha\Desktop\gmer.zip
[2010/11/06 12:48:38 | 000,000,000 | ---- | M] () -- C:\Users\Aysha\defogger_reenable
[2010/11/06 12:47:54 | 000,050,477 | ---- | M] () -- C:\Users\Aysha\Desktop\Defogger.exe
[2010/11/03 09:58:30 | 000,000,938 | ---- | M] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/30 19:06:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/29 12:49:49 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/10/29 12:48:51 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/29 12:42:42 | 000,000,104 | ---- | M] () -- C:\Users\Aysha\Desktop\Recycle Bin - Shortcut.lnk
[2010/10/29 12:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Aysha\AppData\Local\d3d9caps.dat
[2010/10/29 10:44:29 | 000,000,938 | ---- | M] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/10/29 10:43:52 | 000,000,006 | ---- | M] () -- C:\Users\Aysha\AppData\Roaming\start
[2010/10/29 10:41:39 | 000,000,006 | ---- | M] () -- C:\Users\Aysha\AppData\Roaming\completescan
[2010/10/29 10:34:46 | 002,174,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/29 10:31:07 | 000,000,010 | ---- | M] () -- C:\Users\Aysha\AppData\Roaming\install
[2010/10/29 10:29:53 | 000,603,136 | ---- | M] () -- C:\Users\Aysha\AppData\Roaming\hotfix.exe
[2010/10/29 10:29:53 | 000,000,317 | ---- | M] () -- C:\Users\Aysha\AppData\Roaming\ahfg.bat
[2010/10/28 18:49:45 | 000,001,964 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/10/28 18:49:45 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/10/28 18:49:44 | 000,001,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/10/28 18:38:31 | 000,081,920 | RHS- | M] () -- C:\Windows\System32\comsvcsh.dll
[2010/10/28 17:03:02 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2010/10/28 14:16:46 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2010/10/28 13:56:31 | 000,016,060 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/10/28 13:52:49 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2010/10/28 13:48:31 | 147,278,480 | ---- | M] () -- C:\Users\Aysha\Desktop\Web Cam Driver.exe
[2010/10/28 13:35:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/10/28 13:22:16 | 000,103,784 | ---- | M] () -- C:\Users\Aysha\GoToAssistDownloadHelper.exe
[2010/10/28 13:20:28 | 000,000,943 | ---- | M] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/28 13:09:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/28 12:15:41 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010/11/14 12:37:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/14 12:10:39 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 10:00:20 | 000,061,221 | ---- | C] () -- C:\Windows\System32\ltekfbxzblspeenm.exe
[2010/11/06 15:54:28 | 297,413,790 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/06 15:24:46 | 000,287,041 | ---- | C] () -- C:\Users\Aysha\Desktop\gmer.zip
[2010/11/06 12:48:38 | 000,000,000 | ---- | C] () -- C:\Users\Aysha\defogger_reenable
[2010/11/06 12:47:53 | 000,050,477 | ---- | C] () -- C:\Users\Aysha\Desktop\Defogger.exe
[2010/11/03 10:41:54 | 000,014,848 | ---- | C] () -- C:\Users\Aysha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 09:58:30 | 000,000,938 | ---- | C] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/03 02:09:34 | 000,387,072 | ---- | C] () -- C:\Windows\System32\tndvfknavqqna.dll
[2010/11/03 02:09:34 | 000,384,000 | ---- | C] () -- C:\Windows\System32\_tndvfknavqqna.dll
[2010/10/30 19:06:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/29 12:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/29 12:48:51 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/29 12:42:42 | 000,000,104 | ---- | C] () -- C:\Users\Aysha\Desktop\Recycle Bin - Shortcut.lnk
[2010/10/29 10:43:52 | 000,000,006 | ---- | C] () -- C:\Users\Aysha\AppData\Roaming\start
[2010/10/29 10:41:39 | 000,000,006 | ---- | C] () -- C:\Users\Aysha\AppData\Roaming\completescan
[2010/10/29 10:31:07 | 000,000,010 | ---- | C] () -- C:\Users\Aysha\AppData\Roaming\install
[2010/10/29 10:29:53 | 000,603,136 | ---- | C] () -- C:\Users\Aysha\AppData\Roaming\hotfix.exe
[2010/10/29 10:29:53 | 000,000,317 | ---- | C] () -- C:\Users\Aysha\AppData\Roaming\ahfg.bat
[2010/10/29 09:46:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/29 09:46:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/29 09:46:22 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/10/28 18:49:45 | 000,001,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/10/28 18:49:45 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/10/28 18:49:44 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/10/28 18:38:31 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\comsvcsh.dll
[2010/10/28 18:38:31 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\BKDW.job
[2010/10/28 18:38:18 | 000,000,300 | -H-- | C] () -- C:\Windows\tasks\Acrobat Update.job
[2010/10/28 17:03:02 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2010/10/28 15:31:58 | 000,000,938 | ---- | C] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/10/28 14:19:17 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/10/28 14:16:46 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2010/10/28 13:56:31 | 000,016,060 | ---- | C] () -- C:\Windows\System32\results.xml
[2010/10/28 13:52:49 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/10/28 13:48:27 | 147,278,480 | ---- | C] () -- C:\Users\Aysha\Desktop\Web Cam Driver.exe
[2010/10/28 13:35:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/10/28 13:32:22 | 000,260,330 | ---- | C] () -- C:\Windows\System32\OEM02Cvw.bff
[2010/10/28 13:32:22 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02Pvc.bmp
[2010/10/28 13:32:22 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02PC.bmp
[2010/10/28 13:32:22 | 000,004,510 | ---- | C] () -- C:\Windows\OEM002.uns
[2010/10/28 13:26:27 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNBR.bmp
[2010/10/28 13:26:27 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010/10/28 13:26:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/10/28 13:26:18 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2010/10/28 13:26:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2010/10/28 13:26:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2010/10/28 13:26:18 | 000,024,256 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/10/28 13:26:18 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2010/10/28 13:26:18 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2010/10/28 13:22:15 | 000,103,784 | ---- | C] () -- C:\Users\Aysha\GoToAssistDownloadHelper.exe
[2010/10/28 13:20:28 | 000,000,943 | ---- | C] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/28 13:10:24 | 000,001,356 | ---- | C] () -- C:\Users\Aysha\AppData\Local\d3d9caps.dat
[2010/10/28 13:10:23 | 000,000,258 | ---- | C] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/28 13:10:23 | 000,000,240 | ---- | C] () -- C:\Users\Aysha\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/28 13:09:39 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/10/28 13:09:37 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2010/10/28 13:09:16 | 000,000,024 | RH-- | C] () -- C:\Windows\dell_version
[2007/07/25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010/10/28 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\Aysha\AppData\Roaming\Autodesk
[2010/11/15 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\Aysha\AppData\Roaming\BitTorrent
[2010/10/28 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Aysha\AppData\Roaming\TMP
[2010/11/15 11:00:01 | 000,000,300 | -H-- | M] () -- C:\Windows\Tasks\Acrobat Update.job
[2010/11/15 10:49:00 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\BKDW.job
[2010/11/14 23:23:36 | 000,017,146 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 11/15/2010 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aysha\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229.83 Gb Total Space | 171.65 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 112.94 Gb Free Space | 37.89% Space Free | Partition Type: NTFS

Computer Name: AYSHA-PC | User Name: Aysha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{395795D0-9C34-4317-9565-2B617CAC4911}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AEE36CB3-9D11-4B0E-9FAA-F842FDFDD636}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{CBA66D8F-A95F-450A-A602-B024AA2B8670}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{DA46DB04-CB34-4932-BE5F-1385F1A24296}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15883E40-CC7A-4272-8DFE-BAD4EFECF307}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3D4291A8-4C17-4E18-9A25-407A4E4C755E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E029F22-1BE6-4E7E-A50E-310549413554}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5CE9A8AC-0DB3-488F-9572-9B254BE9E885}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{6777D705-658B-446D-B6F1-7922CF6C641A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6E200545-CF1A-4482-968E-9245D14B6158}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{729FCE2D-D887-4402-885D-160828CEB0A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{767A3068-6521-4A9C-8D73-27EEE734D085}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{7D28BD25-8E41-4656-B249-65E727F11BFD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{91432924-3F6F-499F-8400-8AA0A449E2D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9750771B-4798-47BD-A363-E838EEBF6463}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E3485AB3-16FD-435B-A996-ABE76988A50D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3AE1F6C-C359-4902-A2DD-52CD82530412}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{E21E0390-3375-4733-AD24-4F27666C8661}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{546D6058-0C7F-460E-872F-674873853967}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel® Graphics Media Accelerator Driver
"ltekfbxzblspeenm" = Advanced Performance Platform Cashtitan.
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel® PROSet/Wireless Software
"TmPcc" = Trend Micro PC-cillin Internet Security 14

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2010 8:00:38 PM | Computer Name = Aysha-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/13/2010 8:06:58 PM | Computer Name = Aysha-PC | Source = Trend Realtime Service | ID = 3
Description =

Error - 11/13/2010 10:33:45 PM | Computer Name = Aysha-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2010 4:12:18 PM | Computer Name = Aysha-PC | Source = Trend Realtime Service | ID = 3
Description =

Error - 11/14/2010 4:12:20 PM | Computer Name = Aysha-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2010 5:08:04 PM | Computer Name = Aysha-PC | Source = Trend Realtime Service | ID = 3
Description =

Error - 11/14/2010 5:08:05 PM | Computer Name = Aysha-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2010 5:14:26 PM | Computer Name = Aysha-PC | Source = Trend Realtime Service | ID = 3
Description =

Error - 11/15/2010 2:50:34 PM | Computer Name = Aysha-PC | Source = Trend Realtime Service | ID = 3
Description =

Error - 11/15/2010 2:50:35 PM | Computer Name = Aysha-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/14/2010 4:12:20 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/14/2010 5:06:29 PM | Computer Name = Aysha-PC | Source = HTTP | ID = 15016
Description =

Error - 11/14/2010 5:08:06 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2010 5:08:06 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/14/2010 5:08:06 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/15/2010 2:48:59 PM | Computer Name = Aysha-PC | Source = HTTP | ID = 15016
Description =

Error - 11/15/2010 2:49:06 PM | Computer Name = Aysha-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.65 for the Network Card with network
address 001DE097D301 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 11/15/2010 2:50:36 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2010 2:50:36 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2010 2:50:36 PM | Computer Name = Aysha-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E004000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E00000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E00000 PnpManager 3903488 bytes
0x81E00000 RAW 3903488 bytes
0x81E00000 WMIxWDM 3903488 bytes
0x8E60E000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2265088 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x970F0000 Win32k 2109440 bytes
0x970F0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8EA06000 C:\Windows\system32\DRIVERS\TM_CFW.sys 1826816 bytes (Trend Micro Inc., Trend Micro Common Firewall Module 2.6(IM i386-fre))
0x8A000000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x89C79000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8EC0D000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8FCCF000 C:\Windows\system32\DRIVERS\vsapint.sys 1019904 bytes (Trend Micro Inc., VsapiNT )
0x89E0B000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x816E5000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8ED11000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x80C05000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x89F1E000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80607000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89C08000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80D0B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80410000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8EE09000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8E892000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x8167F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x97340000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80739000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8EF84000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80690000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8DA5F000 C:\Windows\system32\DRIVERS\yk60x86.sys 286720 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x80489000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E98B000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8DA00000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FC06000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8DB6E000 C:\Windows\system32\DRIVERS\VSTAZL3.SYS 245760 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x89DAF000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8EE77000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x81606000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A10F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8DB3A000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821B9000 ACPI_HAL 208896 bytes
0x821B9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x805AA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EFCC000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E95D000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8DBAA000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8E8F6000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x89D84000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8DB10000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x80CC4000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x817CD000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x81657000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A15F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8DBD7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DAA5000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A197000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8EDD1000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x8EF07000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x80DC3000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8FDC8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807B0000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x80D78000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x89EF4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FCA7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8E855000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x80D95000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E938000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8163F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FC4C000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E9D7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8EE5E000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x80DE3000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EBE2000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EF5A000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x80DAE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DAEB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8DAD7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E87E000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8EF70000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8E8E3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x80CF8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x89FC8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8DA4D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FDE7000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8A186000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8EBD1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80470000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89FDB000 C:\Windows\system32\DRIVERS\tmtdi.sys 69632 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0x807D8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8EEBC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x80CB4000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80798000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E837000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8DB00000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89F0F000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8FC98000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A150000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8DAC8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E86F000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8DA3E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8072A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E847000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97330000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EDF2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EF43000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8078A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8FC6C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EDC4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FCC2000 C:\Windows\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0x8EBC4000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8E5EA000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80683000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x816CD000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8EEFB000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FC79000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8E92D000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8E922000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8EF38000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E9EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E9CC000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A1E3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89FBD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80720000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8FC84000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8FC8E000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x807CE000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E600000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x80CEE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8FC42000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x817C3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A1B8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8EEDB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8EEB3000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8FC63000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x816D9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807E8000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8EF51000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97310000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A1EE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E954000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807A8000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80481000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80408000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8EED3000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EF28000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EF30000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A148000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8EEEB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EECC000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80783000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8EEE4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E950000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8071D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8EEB1000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x8E9F9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EE75000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x69340000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 1196032 bytes
0x6C070000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 143360 bytes
0x69920000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 2375680 bytes
0x6AEA0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 380928 bytes
0x68D00000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 4476928 bytes
0x68570000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 6197248 bytes
0x69B70000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 659456 bytes
0x6AC00000 Hidden Image-->System.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 671744 bytes
0x69470000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x84AB2790 ] PID: 3712, 847872 bytes



Thanks so much for the help.

#4 Elise

Posted 15 November 2010 - 03:21 PM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 sellicat

sellicat
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 15 November 2010 - 07:18 PM

Hi,

It seems like Google isn't redirecting my links anymore. Yay! Is there anything else I need to do though? If not I'm just going to turn my security software back on. Here is my ComboFix log.
Thanks for the wonderful help so far.

ComboFix 10-11-15.05 - Aysha 11/15/2010 15:53:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1745 [GMT -8:00]
Running from: c:\users\Aysha\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Aysha\AppData\Roaming\completescan
c:\users\Aysha\AppData\Roaming\hotfix.exe
c:\users\Aysha\AppData\Roaming\install
c:\users\Aysha\GoToAssistDownloadHelper.exe
c:\windows\system32\_tndvfknavqqna.dll
c:\windows\system32\arp.exe
c:\windows\system32\tndvfknavqqna.dll
c:\windows\Tasks\Acrobat Update.job

----- File Replicators -----

f:\aysha\Work Files\Work Files 2\autocad_install\._AcDelTree.exe
f:\aysha\Work Files\Work Files 2\autocad_install\._setup.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Common Files\Autodesk Shared\._AcHelp.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Common Files\Autodesk Shared\._mtstack16.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Common Files\Autodesk Shared\._WSCommCntr1.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._AcSignApply.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._addplwiz.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._AdMigrator.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._AdRefMan.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._AdSubAware.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._DwgCheckStandards.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._HPSETUP.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._pc3exe.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._senddmp.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._sfxfe32.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._slidelib.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._styexe.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\._styshwiz.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\._LMU.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\._LTU.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Express\._alias.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Express\._dumpshx.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Express\._lspsurf.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Program Files\Root\Locked\._acad.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Setup\._AcDelTree.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Setup\._Setup.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\acad\Windows\System32\._AcSignOpt.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\CADManager\en-US\Program Files\Autodesk\CAD Manager Tools\._AdPM.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\CADManager\en-US\Program Files\Autodesk\CAD Manager Tools\._CMControl.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\CADManagerControl\en-US\._CMControl.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\DirectX\._DXSETUP.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\._dotNetFx35setup.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX30\._WIC_x86_enu.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX30\._XPSEPSC-x86-en-US.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1028.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1031.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1034.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1036.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1040.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1041.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1042.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_1046.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._dotnetfx35langpack_x86_2052.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\dotNetFX35\x86\._netfx35_x86.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\dotnetfx\wcu\dotNetFramework\Tools\._clwireg.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\Flash\._install_flash_player.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\NLSDL\._nlsdl.amd64.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\NLSDL\._nlsdl.x86.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\SAMreport-Lite\._SAMreport.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\VCRedist\2005\._vcredist_x86.exe
f:\aysha\Work Files\Work Files 2\autocad_install\x86\support\VCRedist\2008\x86\._install.exe
.
.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 00:02 . 2010-11-16 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-15 19:19 . 2010-11-15 19:20 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-11-15 19:19 . 2010-11-15 19:19 -------- d-----w- c:\program files\7-Zip
2010-11-11 18:00 . 2010-11-15 18:49 61221 ----a-w- c:\windows\system32\ltekfbxzblspeenm.exe
2010-11-09 18:07 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-03 16:14 . 2010-11-06 23:20 -------- d-----w- C:\Downloads
2010-10-30 16:09 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-29 22:50 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-29 22:50 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-29 22:50 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-29 22:50 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-29 22:50 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-29 22:50 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-10-29 22:49 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-29 20:48 . 2010-10-29 20:48 -------- d-----w- c:\program files\Common Files\Skype
2010-10-29 20:48 . 2010-10-29 20:49 -------- d-----r- c:\program files\Skype
2010-10-29 20:48 . 2010-10-29 20:48 -------- d-----w- c:\programdata\Skype
2010-10-29 17:41 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-10-29 17:41 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-29 17:41 . 2008-04-23 04:41 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-10-29 17:41 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-29 17:41 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-10-29 17:41 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-10-29 17:33 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2010-10-29 17:18 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-29 17:18 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-29 17:18 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-29 17:18 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-29 17:18 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-29 17:12 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-10-29 17:12 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-10-29 17:12 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-10-29 17:11 . 2010-10-29 17:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-10-29 04:21 . 2010-10-29 04:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-29 02:38 . 2010-10-29 02:38 81920 --sha-r- c:\windows\system32\comsvcsh.dll
2010-10-29 02:22 . 2010-10-29 02:22 -------- d--h--w- c:\programdata\CanonBJ
2010-10-29 02:22 . 2006-09-13 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP83.DLL
2010-10-29 02:22 . 2006-09-13 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD83.DLL
2010-10-29 02:21 . 2008-04-03 03:00 198656 ----a-w- c:\windows\system32\CNMLM83.DLL
2010-10-29 02:11 . 2010-10-29 02:11 -------- d-----w- c:\program files\BitTorrent
2010-10-29 01:43 . 2010-10-29 01:43 -------- d-----w- c:\program files\Adobe Media Player
2010-10-29 01:38 . 2010-10-29 01:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-29 01:01 . 2010-10-29 01:05 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-10-29 01:01 . 2010-10-29 01:05 -------- d-----w- c:\program files\AutoCAD 2010
2010-10-29 01:01 . 2010-10-29 01:01 -------- d-----w- c:\programdata\Autodesk
2010-10-29 01:00 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-10-29 01:00 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-10-29 01:00 . 2008-02-06 06:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-10-29 00:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-10-29 00:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-10-29 00:55 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-10-29 00:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-10-29 00:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-10-29 00:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-10-29 00:44 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-10-29 00:44 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-10-29 00:35 . 2010-10-29 00:35 -------- d-----w- C:\Autodesk
2010-10-29 00:29 . 2010-10-29 00:29 -------- d-----w- c:\programdata\ALM
2010-10-29 00:03 . 2010-10-29 01:13 -------- d-----w- c:\programdata\FLEXnet
2010-10-28 23:44 . 2010-10-28 23:44 -------- d-----w- c:\program files\Bonjour
2010-10-28 23:40 . 2010-10-28 23:40 -------- d-----w- c:\windows\system32\Macromed
2010-10-28 23:39 . 2010-10-28 23:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-28 23:37 . 2010-10-29 02:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-28 23:03 . 2008-11-10 18:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-28 23:03 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-10-28 23:02 . 2010-10-29 17:27 -------- d-----w- c:\program files\Microsoft Works
2010-10-28 23:01 . 2010-10-29 17:19 -------- d-----w- c:\program files\Microsoft.NET
2010-10-28 23:01 . 2010-10-28 23:01 -------- d-----w- c:\windows\PCHEALTH
2010-10-28 22:59 . 2010-10-28 22:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-28 22:58 . 2010-11-10 17:25 -------- d-----w- c:\programdata\Microsoft Help
2010-10-28 22:57 . 2010-10-28 22:57 -------- d-----r- C:\MSOCache
2010-10-28 22:55 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-28 22:55 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-10-28 22:54 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-10-28 22:25 . 2008-11-27 00:42 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-10-28 22:25 . 2008-11-27 00:42 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-10-28 22:25 . 2006-11-09 23:04 73288 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-10-28 22:25 . 2006-11-09 23:04 280392 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-10-28 22:25 . 2006-09-11 22:54 1021712 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-10-28 22:25 . 2010-11-06 20:19 -------- d-----w- c:\programdata\Trend Micro
2010-10-28 22:24 . 2010-10-28 22:24 -------- d-----w- c:\program files\Trend Micro
2010-10-28 22:22 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-28 22:22 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-28 22:22 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-28 22:22 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-10-28 22:22 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-10-28 22:21 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2010-10-28 22:21 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-28 22:21 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-28 22:21 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-28 22:21 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-28 22:21 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-28 22:21 . 2010-10-28 22:21 -------- d-----w- c:\programdata\Uninstall
2010-10-28 22:21 . 2010-10-28 22:21 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-10-28 22:20 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-28 22:20 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-28 22:20 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-10-28 22:20 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-10-28 22:20 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-10-28 22:20 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-10-28 22:20 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-10-28 22:20 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-10-28 22:20 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-10-28 22:20 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-10-28 22:19 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-10-28 22:19 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-10-28 22:19 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-10-28 22:19 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-10-28 22:19 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-10-28 22:18 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-28 22:18 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-28 22:18 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-28 22:18 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-28 22:18 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-10-28 22:18 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-10-28 22:18 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-10-28 22:16 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-10-28 22:16 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-28 22:16 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-28 22:16 . 2010-10-28 22:16 -------- d-----w- c:\programdata\Sonic
2010-10-28 22:16 . 2010-10-28 22:16 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-10-28 22:16 . 2010-10-28 22:16 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-10-28 22:16 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-28 22:16 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 22:16 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:01 . 2010-10-28 22:16 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-28 22:16 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-28 22:16 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-28 22:16 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-10-29 2988400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-10-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-28 21:22 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-18 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-affgxzkstntxuebky - c:\windows\system32\tndvfknavqqna.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 16:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Aysha\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-15 16:05:25
ComboFix-quarantined-files.txt 2010-11-16 00:05

Pre-Run: 184,463,421,440 bytes free
Post-Run: 184,567,152,640 bytes free

- - End Of File - - 13BABAAABDCB0CBAAC2E4A2D39F38266

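As an added example, not part of sellicat's post or of Elise's instructions, the following Python reads a ComboFix "Files Created" section the way a helper triages the log above: it parses each line and flags executables with random-looking names directly in system32, hidden/system attributes, or a location inside a user profile. The sample lines are constructed in the log's layout (the hotfix.exe line is invented in that format from a path the log lists under Other Deletions); the meaning assigned to the attribute letters and the name-entropy thresholds are assumptions, not ComboFix documentation, so treat hits as prompts for a closer look rather than verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of ComboFix's "Files Created" section.
# Most lines mirror entries from the log posted above; the hotfix.exe line is
# constructed here in that layout from a path the log lists under Other Deletions.
SAMPLE_LOG = r"""
2010-11-15 19:19 . 2010-11-15 19:19 -------- d-----w- c:\program files\7-Zip
2010-11-11 18:00 . 2010-11-15 18:49 61221 ----a-w- c:\windows\system32\ltekfbxzblspeenm.exe
2010-10-29 22:50 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-29 02:38 . 2010-10-29 02:38 81920 --sha-r- c:\windows\system32\comsvcsh.dll
2010-10-28 22:55 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-29 17:18 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-11 18:00 . 2010-11-11 18:00 40960 ----a-w- c:\users\Aysha\AppData\Roaming\hotfix.exe
"""

# Layout: created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S{8}) (.+)$"
)

SYSTEM32 = r"c:\windows\system32"
EXEC_EXT = {".exe", ".dll", ".sys", ".ax", ".cpl", ".scr"}
VOWELS = set("aeiou")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # 8-char attribute field, e.g. "--sha-r-" (assumed d/s/h/a/r/w flags)
    path: str


def parse_files_created(text: str) -> list[Entry]:
    """Parse 'Files Created' lines; headers, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified, int(size) if size.isdigit() else None, attrs, path))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic for generated names: 10+ letters with few vowels or a long consonant run.
    Thresholds are assumptions, tuned so abbreviations such as 'srvsvc' (too short)
    and 'NlsLexicons' are not flagged."""
    letters = [c.lower() for c in stem if c.isalpha()]
    if len(letters) < 10:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.25 or longest >= 5


def triage_entry(entry: Entry) -> list[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing noted)."""
    reasons: list[str] = []
    path = entry.path.lower()
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    is_exec = entry.attrs[0] != "d" and dot == "." and ("." + ext) in EXEC_EXT
    if not is_exec:
        return reasons
    if directory == SYSTEM32 and looks_random(stem):
        reasons.append("random-looking executable name directly in system32")
    if "h" in entry.attrs or "s" in entry.attrs:
        reasons.append(f"hidden/system attributes ({entry.attrs}) on an executable")
    if directory.startswith("c:\\users\\"):
        reasons.append("executable inside a user profile directory")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    flagged: dict[str, list[str]] = {}
    for entry in parse_files_created(text):
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```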
#6 Elise

Posted 16 November 2010 - 05:21 AM

Hi again, things look quite good indeed. :) You can turn on your security software now.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise




#7 Elise

Posted 22 November 2010 - 06:24 AM

Hi, are you still there?

regards, Elise




#8 Elise

Posted 25 November 2010 - 06:40 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






